How severe is CVE-2021-41178?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-41178?

This is classified as CWE-23, which is a common weakness in software security.

CVE-2021-41178

MEDIUM Year: 2021

CVSS v3 Score

6.5

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-23

View all →

Vulnerability Description

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack, an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated due to the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading.

CVE-2018-13299

MEDIUM

CVSS:6.5(Medium)

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

CWE-232018

CVE-2019-11822

MEDIUM

CVSS:6.5(Medium)

Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto p...

CWE-232019

CVE-2019-18338

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication ...

CWE-232019

CVE-2019-19287

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attackers to traverse through the file system of the server based by sending specially crafted packets ov...

CWE-232019

CVE-2020-5405

MEDIUM

CVSS:6.5(Medium)

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-con...

CWE-232020

CVE-2021-22674

MEDIUM

CVSS:6.5(Medium)

The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions pri...

CWE-232021

CVE-2021-41178

Vulnerability Description

Related Vulnerabilities

CVE-2018-13299

CVE-2019-11822

CVE-2019-18338

CVE-2019-19287

CVE-2020-5405

CVE-2021-22674